Using gitfs_remotes and Salt Stack formulas to provision Vagrant VM

Question

I'm trying to provision vagrant VM using salt with existing salt formulas. I've followed this presentation to get access to gitfs_remotes: https://github.com/borgstrom/salt-vagrant-saltconf2014/blob/master/presentation.md.

salt/minion

master: 127.0.0.1
state_verbose: False

salt/master:

# listen on the loopback in open mode
interface: 127.0.0.1
auto_accept: True

# use both the local roots as well as gitfs remotes
fileserver_backend:
  - roots
  - git

# map our project specific files to the local roots
file_roots:
  base:
    - /vagrant/salt/roots
pillar_roots:
  base:
    - /vagrant/salt/pillar

# setup our salt formulas as gitfs remotes
gitfs_remotes:
  - https://github.com/saltstack-formulas/mysql-formula

Vagrantfile (part):

config.vm.synced_folder "salt/roots/", "/srv/salt/"
config.vm.synced_folder "salt/pillar", "/srv/pillar/"

config.vm.provision :salt do |salt|
    salt.minion_config = "salt/minion"
    salt.master_config = "salt/master"
    salt.bootstrap_options = "-F -c /tmp/ -P"
    salt.run_highstate = true
end

/salt/roots/top.sls:

base:
  '*':
    - mysql

But I get the error:

[INFO ] SaltReqTimeoutError: after 60 seconds. (Try 7 of 7) Attempt to authenticate with the salt master failed

Answer 1

A masterless minion is able to use gitfs without an explicitly configured master. There was an issue in saltstack/salt.

Have a look at this issue in saltstack/salt-bootstrap, for details about why to install things in front using bash provisioning.

Here is a working configuration using the node-formula.

Vagrantfile

Vagrant.configure(2) do |config|
  config.vm.box = "debian/jessie64"

  # mount state tree and pillar
  config.vm.synced_folder ".saltstack/salt/", "/srv/salt/", type: "rsync"
  config.vm.synced_folder ".saltstack/pillar/", "/srv/pillar/", type: "rsync"

  # install those to be able to use gitfs for node formula
  # @see https://github.com/saltstack/salt-bootstrap/issues/245
  config.vm.provision :shell, :inline => "sudo apt-get -y install git-core"
  config.vm.provision :shell, :inline => "sudo apt-get -y install python-setuptools"
  config.vm.provision :shell, :inline => "sudo easy_install GitPython"

  config.vm.provision :salt do |salt|
    # Workaround for:
    # Copying salt minion config to /etc/salt
    # Failed to upload a file to the guest VM via SCP due to a permissions
    # error. [...]; @see:
    # https://github.com/mitchellh/vagrant/issues/5973#issuecomment-137276605
    salt.bootstrap_options = '-F -c /tmp/ -P'
    salt.masterless = true
    salt.minion_config = ".saltstack/minion"
    salt.run_highstate = true
    salt.verbose = true
  end

  # sync working dir
  config.vm.synced_folder ".", "/vagrant", type: "rsync",
    rsync__exclude: [".git/", ".saltstack"]
end

.saltstack/minion

state_verbose: True

file_client: local

gitfs_provider: gitpython

fileserver_backend:
  - roots
  - git

gitfs_remotes:
  - https://github.com/saltstack-formulas/node-formula.git

Answer 2

You are getting that error because when a minion connects to Salt Master - the request has to be approved by Salt master. It is like a security mechanism - first time around needs approval, second time onwards the fingerprint of machine is used. On your salt master run:

sudo salt-key

You should see something like and you will notice that the key of new machine is not yet accepted.

Accepted Keys: Denied Keys: Unaccepted Keys: xyz.hostname.com Rejected Keys:

Go ahead and run the command:

sudo salt-key -A

Say yes on confirmation and the key will be accepted and the error should go away. Also to test that the minion is reachable run command on master:

sudo salt '*' test.ping

This should return true from minions.

Finally use a tried and test project like this one from Salt team or one I have written and you will get going with Salt quite fast.